


Hacker Using MikroTik Routers to Eavesdrop on Internet Traffic

If you own a MikroTik router, now's a good time to check if your software is up to date, as a mysterious attacker has been exploiting these devices to secretly eavesdrop on their internet traffic.

The hacker has been actively forwarding the network traffic from over 7,500 vulnerable MikroTik routers around the world to servers under the attacker's control, according to security researchers at Qihoo 360's Netlab.

Routers in dozens of countries, including Russia, Iran, Brazil and the United States, have all been ensnared in the eavesdropping scheme. However, Netlab is warning that the threat could expand since the hacker enabled the same data-forwarding protocol, called SOCKS4, in another 239,000 MikroTik routers. It isn't clear for what purpose, but so far, the attacker appears to be harvesting FTP (File Transfer Protocol) data, in addition to messaging and email traffic over SMTP, POP3, and IMAP.

MikroTik CloudCore Router

Netlab researchers also noticed the scheme sniffing data related to a network management protocol that average consumers rarely use. "It is difficult to say what the attacker is up to with these many SOCKS4 proxies but we think this is something significant," Netlab said in its report.

To pull this off, the hacker has been exploiting a known vulnerability in the vendor's RouterOS software that allows for remote administrative access to the device. MikroTik released a security fix in April, but according to Netlab's count, an estimated 370,000 devices remain unpatched.

MikroTik Router vulnerable map

The hacker behind the eavesdropping scheme appears to be the same actor who tried to exploit the routers to secretly run a cryptocurrency miner in early August. At the time, researchers estimated the mining had reached as many as 200,000 routers.

Netlab's own analysis claims the hacker's attempt to mine cryptocurrency through the routers failed to generate the virtual funds due to a configuration mistake. However, the mining appears to have hogged the CPU resources from any device that connected to an affected MikroTik router.

Security researcher Troy Mursch told PCMag the unpatched vulnerability is also opening the door for the mysterious hacker to sell access to thousands of compromised routers on the digital black market. "Sky's the limit once you have root access," he said.

To stop the ongoing attack, router owners should update the software onboard. Owners can also deactivate the SOCKS proxy on the router, although this will require accessing the device's command line interface.

Source: https://sea.pcmag.com/news/29208/hacker-using-mikrotik-routers-to-eavesdrop-on-internet-traffic

Posted by: morganhiguen.blogspot.com
